[Zope-dev] question: forcing https for authentication

[Oliver Bleutgen]

Dieter Maurer wrote:
> You might use a "SiteAccess" access rule.

Dieter, thanks for the suggestion. But I don't see how SiteAccess could
help me here, maybe I'm missing something.

Basically, what I want to do is to prevent zope from ever sending a 
unauthorized response to a clear text http request, instead it should 
send a redirect to a https://* URI, which would then send the 
unauthorized response, so that the browser dialog for basic 
authentication would only be trigger on a secure connection. I don't 
know where inside zope I could implement such a hook, that's why I 
posted here.

cheers,
oliver